Installation Guide
Table Of Contents
- PMP 450i and PTP 450i Configuration and User Guide
- Safety and regulatory information
- Contents
- List of Figures
- List of Tables
- About This Configuration and User Guide
- Chapter 1: Reference information
- Chapter 2: Configuration
- Preparing for configuration
- Task 1: Connecting to the unit
- Task 2: Configuring IP and Ethernet interfaces
- Configuring the AP IP interface
- NAT, DHCP Server, DHCP Client and DMZ in SM
- Configuring the SM IP interface with NAT disabled
- Configuring the SM IP interface with NAT enabled
- NAT tab of the SM with NAT disabled
- NAT tab of the SM with NAT enabled
- Reconnecting to the management PC
- VLAN Remarking and Priority bits configuration
- VLAN tab of the AP
- VLAN tab of the SM
- VLAN Membership tab of the SM
- PPPoE tab of the SM
- NAT Port Mapping tab of the SM
- Task 3: Upgrading the software version and using CNUT
- Task 4: Configuring General and Unit settings
- Task 5: Configuring security
- Isolating APs from the internet
- Encrypting radio transmissions
- Managing module access by passwords
- Requiring SM Authentication
- Filtering protocols and ports
- Encrypting downlink broadcasts
- Isolating SMs
- Filtering management through Ethernet
- Allowing management only from specified IP addresses
- Configuring management IP by DHCP
- Restricting radio Telnet access over the RF interface
- Security tab of the AP
- Filtering protocols and ports
- Protocol Filtering tab of the AP
- Port configuration tab of the AP
- Security tab of the SM
- Protocol Filtering tab of the SM
- Port Configuration tab of the SM
- Task 6: Configuring radio parameters
- Task 7: Setting up SNMP agent
- Task 8: Configuring syslog
- Task 9: Configuring remote access
- Task 10: Monitoring the AP-SM Link
- Task 11: Configuring quality of service
- Maximum Information Rate (MIR) Parameters
- Token Bucket Algorithm
- MIR Data Entry Checking
- Committed Information Rate (CIR)
- Bandwidth from the SM Perspective
- Interaction of Burst Allocation and Sustained Data Rate Settings
- High-priority Bandwidth
- Traffic Scheduling
- Setting the Configuration Source
- Quality of Service (QoS) tab of the AP
- DiffServ tab of the AP
- Quality of Service (QoS) tab of the SM
- DiffServ tab of the SM
- Task 12: Performing an Sector Wide SA
- Task 13: Zero Touch Configuration Using DHCP Option 66
- Task 14: Configuring Radio via config file
- Task 15: Configuring a RADIUS server
- Understanding RADIUS for PMP 450i
- Choosing Authentication Mode and Configuring for Authentication Servers - AP
- SM Authentication Mode – Require RADIUS or Follow AP
- Handling Certificates
- Configuring your RADIUS servers for SM authentication
- Assigning SM management IP addressing via RADIUS
- Configuring your RADIUS server for SM configuration
- Using RADIUS for centralized AP and SM user name and password management
- RADIUS Device Data Accounting
- RADIUS Device Re-authentication
Task 5: Configuring security PMP 450i and PTP 450i Configuration and User
Guide
Task 5: Configuring security
Perform this task to configure the PMP 450i system in accordance with the network
operator’s security policy. Choose from the following procedures:
• Isolating APs from the internet on page 79: to ensure that APs are properly secured
from external networks
• Encrypting radio transmissions on page 80: to configure the unit to operate with AES or
DES wireless link security
• Managing module access by passwords on page 80: to set up the AP to require SMs to
authenticate via the AP, WM, or RADIUS server (see Task 15: Configuring a RADIUS
server on page 184)
• Filtering protocols and ports on page 85: to filter (block) specified protocols and ports
from leaving the system
• Requiring SM Authentication on page 84: to configure the network to only allow
registration to authenticated SMs
• Encrypting downlink broadcasts on page 87: to encrypt downlink broadcast
transmissions such as ARP and NetBIOS
• Isolating SMs on page 88: to prevent SMs in the same sector from directly
communicating with each other
• Filtering management through Ethernet on page 88: to prevent management access to
the SM via the radio’s Ethernet port
• Allowing management only from specified IP addresses on page 88: to only allow radio
management interface access from specified IP addresses
• Configuring management IP by DHCP on page 89: to allow the radio’s management IP
address to be assigned by a network DHCP server
• Restricting radio Telnet access over the RF interface on page 89: to restrict Telnet
access to the AP
Isolating APs from the internet
Ensure that the IP addresses of the APs in your network
• are not routable over the Internet.
• do not share the subnet of the IP address of your user.
RFC 1918, Address Allocation for Private Subnets, reserves for private IP
networks three blocks of IP addresses that are not routable over the Internet:
• /8 subnets have one reserved network, 10.0.0.0 to 10.255.255.255.
• /16 subnets have 16 reserved networks, 172.16.0.0 to 172.31.255.255.
• /24 subnets have 256 reserved networks, 192.168.0.0 to 192.168.255.255.
pmp-0957 (April 2015) 79